Aruba Networks has released patches for eight vulnerabilities in its ClearPass Policy Manager software, which provides unified network access enforcement across wireless, wired and VPN networks. The most severe vulnerability, CVE-2023-25589, was discovered by New Zealand pentester Daniel Jensen and could allow unauthenticated attackers to achieve “total cluster compromise” by creating arbitrary users on the platform. Four other high-severity vulnerabilities were also patched, including a local privilege escalation bug (CVE-2023-25590) and two reflected cross-site scripting bugs (CVE-2023-25592 and CVE-2023-25593). The remaining three vulnerabilities were rated medium severity. The affected software versions are ClearPass Policy Manager 6.11.1 and below, 6.10.8 and below, and 6.9.13 and below. Fixed versions are available.